class CommentsController < ApplicationController
  before_filter :find_article
  before_filter :login_required, :only => [ :destroy, :delete ]

  def create
    @comment = @article.comments.build(params[:comment])
    @comment.save!
    redirect_to article_url(@article)
  rescue
    render :action => 'new'
  end

  def destroy
    @article.comments.destroy(params[:id]) if request.delete?
    redirect_to article_url(@article)
  end

  def delete
    @comment = @article.comments.find(params[:id])
  end
  
  protected
    def find_article
      @article = Article.find(params[:article_id])
    end

    # only article author and admin can delete comments
    def authorized?
      current_user == @article.user || current_user.login == 'admin'
    end
end
